An update for the community.
After the problem detected on Tuesday 17th, we decided to change the Aave Governance v2 → Aave Governance v3 procedure in the following way:
- Even if new formal verification Certora properties are getting added to AAVE, aAAVE, and stkAAVE, we have decided to engage an extra security expert (Mixbytes) for a review of those components. Mixbytes has an important track record assessing the Aave ecosystem in the past and has provided us with a really prompt slot. The estimation is to have it finished on 7th November, and this implies that the migration of the voting system will need to wait until then.
For the sake of speed, we will cover the cost of it, and similar to in the past, we will submit a proposal for the DAO to compensate it afterward. - This change of plans should not disrupt or block other community initiatives (e.g. expansions to new networks), so we have decided to proceed with a proposal to activate a.DI (Aave Delivery Network) and its associated Aave Robot components. This “interim” step will be denominated as Aave Governance v2.5 and, more specifically, will have the following characteristics:
- The voting mechanism will still be the current Aave Governance V2: nothing changes at all.
- Cross-chain communication will be migrated completely to a.DI.
- Aave Robot will cover all possible automation (obviously not including those related to Governance v3 voting, as it will not be active).
- The address of the Aave Governance V3 contract will already be deployed and final for the future, but with a simpler and temporary implementation, which will be upgraded once the extra security procedures on the voting assets are completed, to the final v3 version.
This temporary implementation will just act as an adapter contract between Governance V2 and a.DI. - During this interim 2.5 period, the timelock on Ethereum will be the same as on L2s, a total of 2 days from the proposal’s voting passed until execution.
- In order to “inherit” the security procedures we applied on the previously submitted proposal, the payload will still include the majority of steps, like moving all permissions currently held by the Level 1 (Short) Executor (and BridgeExecutor on non-Ethereum), to the new Governance v3 Executors.
- To activate the interim Aave Governance v2.5, only a Level 1 (Short) Executor proposal will be required, without any extra Mediator complexity. An extra Level 2 (Long) Executor + Mediator will be needed, but afterward, when the activation of the final v3 will be possible.
In terms of timeline (subjected to changes), our estimation is the following:
- On Monday 23rd, we will create the Governance v2.5 activation proposal. If it passes, it will be executed end of the week.
- On the range 10th-12th of November, the creation of the final proposal/s to complete the migration from v2.5 to v3. If it passes, will be executed 21 days later, the same as on the original v2 plan.
Between those, the community can create and vote on proposals as usual, with no blocker.